Magid: It's time for websites and apps to get serious about protecting child privacy

By Larry Magid

for the Mercury News

Posted:
12/14/2012 06:00:00 AM PST

Updated:
12/17/2012 12:03:09 PM PST

The Federal Trade Commission, for the second time this year, last week released a report saying mobile apps aimed at children do a poor of providing privacy information to parents.

It stopped short of calling for new regulations. But based on the FTC's findings, it seems likely the agency and Congress will soon start clamping down on the mobile app industry. In the months between its latest report and the one it issued nearly a year ago, the FTC found "little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it."

FTC Chairman Jon Leibowitz said the study shows that "kids' apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents." He called on companies to do a better job, and said the FTC plans to do a follow-up survey and "will expect to see improvement."

The latests FTC report, titled "Mobile Apps for Kid Disclosures Still Not Making the Grade," found that nearly 60 percent of the apps surveyed transmit information from a user's device "back to the app developer or, more commonly, to an advertising network, analytics company, or other third party." The commission also reported that "a relatively small number of third parties received information from a large number of apps," potentially allowing those third parties to "develop detailed profiles of the children based on their behavior in different apps."

Advertisement

The FTC also said that many apps that contain "interactive features" -- including advertising, links to social media or the ability to make in-app purchases -- fail to disclose those features to parents before download.

As regular readers of this column know, I'm not a big advocate of government regulation. Congress often overreacts to problems and I worry about regulations that would stifle innovation or deny children access to the thousands of great apps. Still, it seems obvious to me that if app developers don't quickly clean up their own act, government intervention is inevitable and perhaps necessary.

All of this is playing out as we wait for the FTC to issue revised guidelines to enforce the Children Online Privacy Protection Act of 1998. The agency has indicated it will issue new rules to cover smartphone and social networking apps and plug-ins as well as third-party advertising networks -- none of which were common when the law went into effect.

Despite its lofty goals of protecting children's privacy, the protection act has had some unintended consequences, including causing some children's websites to shut down because of the cost and hassle of obtaining verifiable parental permission before children under 13 could be allowed to provide any information to the sites.

The law is also the main reason Facebook and other social networks don't allow children under 13, which has led millions of preteens to lie about their age, often with the consent or even help of their parents. A study conducted last year by Harris Interactive found that 68 percent of the parents of kids who were under 13 when they signed up indicated that they helped their child create the account.

As big a deal as it may be for website operators to have to deal with the children's privacy act, regulations on mobile apps would be an even bigger deal because of the size and growth of the app market and the incredible number of app development companies, many of which are extremely small businesses.

According to the FTC, there were more than 700,000 apps available in the Apple (AAPL) App store as of September, a 40 percent increase since the end of last year. There were also 700,000 Google (GOOG) pay apps, representing an 80 percent increase over last year.

For app developers, especially those with apps popular with children, the choice is clear and the remedy is fairly easy. They need to provide parents with more information in the app store and on their websites, and they need to build greater privacy protections into their products, a practice known as "privacy by design."

Privacy, safety and security can no longer be an afterthought. Just as no car company would design a vehicle without breaks, seat belts and air bags, app developers -- even ones with few resources -- need to think about these issues and built in protections from day one.

Disclosure: Larry Magid is co-director of ConnectSafely.org, a non-profit Internet safety organization that receives support from Facebook. Contact Larry Magid at larry@larrymagid.com. Listen for his technology chats on KCBS-AM (740) weekdays at 3:50 p.m.